Add NX/ASLR detection for PE

jvoisin 2014-05-09 19:25:12 +02:00
parent 7122cddc1f
commit ac9354d455
3 changed files with 48 additions and 2 deletions


@ -231,6 +231,44 @@ static int has_canary(RBinFile *arch) {
return 0;
}
static int has_aslr(const RBinFile* arch) {
const ut8 *buf;
unsigned int idx;
ut64 sz;
if (!arch)
return R_FALSE;
buf = r_buf_buffer (arch->buf);
if (!buf)
return R_FALSE;
sz = r_buf_size (arch->buf);
idx = (buf[0x3c] | (buf[0x3d]<<8));
if (sz < idx + 0x5E)
return R_FALSE;
return (*(ut8*)(buf + idx + 0x5E)) & 0x40;
}
static int has_nx(const RBinFile* arch) {
const ut8 *buf;
unsigned int idx;
ut64 sz;
if (!arch)
return R_FALSE;
buf = r_buf_buffer (arch->buf);
if (!buf)
return R_FALSE;
sz = r_buf_size (arch->buf);
idx = (buf[0x3c] | (buf[0x3d]<<8));
if (sz < idx + 0x5E)
return R_FALSE;
return (*(ut16*)(buf + idx + 0x5E)) & 0x100;
}
static RBinInfo* info(RBinFile *arch) {
char *str;
RBinInfo *ret = R_NEW0 (RBinInfo);
@ -268,6 +306,8 @@ static RBinInfo* info(RBinFile *arch) {
ret->big_endian = PE_(r_bin_pe_is_big_endian) (arch->o->bin_obj);
ret->dbg_info = 0;
ret->has_canary = has_canary (arch);
ret->has_nx = has_nx (arch);
ret->has_pi = has_aslr (arch);
ret->has_va = R_TRUE;
if (!PE_(r_bin_pe_is_stripped_debug) (arch->o->bin_obj))
ret->dbg_info |= 0x01;
@ -294,7 +334,8 @@ static int check(RBinFile *arch) {
}
static int check_bytes(const ut8 *buf, ut64 length) {
int idx, ret = R_FALSE;
unsigned int idx;
int ret = R_FALSE;
if (!buf)
return R_FALSE;
idx = (buf[0x3c] | (buf[0x3d]<<8));
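Review bot: In has_aslr and has_nx (first hunk), `buf[0x3c]` and `buf[0x3d]` are read before any size check, and the later guard `sz < idx + 0x5E` still admits a buffer that ends exactly at `idx + 0x5E`, so a short or truncated PE causes a read past the end of the buffer (two bytes past in has_nx, which loads a ut16). Both functions should reject small buffers before computing idx and then require the whole field to be present, e.g. `if (sz < 0x3e) return R_FALSE;` followed by `if (sz < (ut64)idx + 0x60) return R_FALSE;`. has_nx also reads through a `ut16*` cast, which is unaligned and depends on host byte order; `return (buf[idx + 0x5E] | (buf[idx + 0x5F] << 8)) & 0x100;` avoids both. check_bytes in the last hunk reads the same two header bytes, but its body continues outside the hunk, so whether it checks `length` first cannot be seen here.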


@ -203,6 +203,7 @@ static int bin_info (RCore *r, int mode) {
"\"lang\":\"%s\","
"\"pic\":%s,"
"\"canary\":%s,"
"\"nx\":%s,"
"\"va\":%s,"
"\"bits\":%d,"
"\"stripped\":%s,"
@ -219,6 +220,7 @@ static int bin_info (RCore *r, int mode) {
info->lang?info->lang:"",
r_str_bool (info->has_pi),
r_str_bool (info->has_canary),
r_str_bool (info->has_nx),
r_str_bool (info->has_va),
info->bits,
r_str_bool (R_BIN_DBG_STRIPPED (info->dbg_info)),
@ -279,6 +281,7 @@ static int bin_info (RCore *r, int mode) {
"type\t%s\n"
"pic\t%s\n"
"canary\t%s\n"
"nx\t%s\n"
"has_va\t%s\n"
"root\t%s\n"
"class\t%s\n"
@ -298,6 +301,7 @@ static int bin_info (RCore *r, int mode) {
info->file, info->type,
r_str_bool (info->has_pi),
r_str_bool (info->has_canary),
r_str_bool (info->has_nx),
r_str_bool (info->has_va),
info->rclass, info->bclass, info->lang?info->lang:"unknown",
info->arch, info->bits, info->machine, info->os,
@ -1181,4 +1185,4 @@ R_API int r_core_bin_update_arch_bits (RCore *r) {
ut16 bits = r->assembler->bits;
const char *name = binfile ? binfile->file : NULL;
return r_core_bin_set_arch_bits (r, name, arch, bits);
}
}
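Review bot: The new `nx` field is printed with `r_str_bool (info->has_nx)` for every binary format, so a plugin that never sets the field would report `nx false`, which is indistinguishable from a binary that really lacks NX. On this page only the PE info() assigns has_nx; if the other format plugins leave it zeroed, someone auditing mitigations gets a misleading answer for those formats. Consider a comment next to the format strings such as `/* nx is only meaningful when the bin plugin fills has_nx */`, or filling the field in the remaining plugins. bin_info's body starts and ends outside these hunks.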


@ -91,6 +91,7 @@ typedef struct r_bin_info_t {
int has_va;
int has_pi; // pic/pie
int has_canary;
int has_nx;
int big_endian;
ut64 dbg_info;
RBinHash sum[3];
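Review bot: The new `has_nx` field has no comment, while the neighbouring `has_pi` is annotated `// pic/pie`. That annotation also no longer covers how the PE plugin uses the field, since it now stores the has_aslr result (the 0x40 DllCharacteristics bit) there. Suggest `int has_pi; // pic/pie (PE: ASLR)` and `int has_nx; // NX/DEP compatible`. The struct definition continues outside the hunk.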